1. Technical Field
The present disclosure relates to authentication by a system, and more specifically, to a system and method of authenticating a user or usage of a first device by comparing usage of the first device with other usage data from at least one other device that transmits data on an independent data path from a data path associated with the first device.
2. Introduction
A common challenge in complex computer systems is the identification of anomalous activity, such as unauthorized access or use of a device. A common scenario is an unauthorized party attempting to nefariously exploit an authorized party's access to a system. Further, unauthorized use of the device can be from an authorized user who is doing inappropriate things once the authorized user gains access. Some approaches have developed to address this challenge, including multi-factor authentication, use of mobile devices to validate access, geo-location of the source access location, performance monitoring, and monitoring a data stream from the device in question for unauthorized activity. Some of the current state-of-art security features rely upon hardware tokens, cookies, geo-location, and passwords. Geo-location capabilities in devices are commonly available, making use of Global Positioning System (GPS) receivers, cellular network tower triangulation, or other means. These capabilities are sufficient to locate the device to within 10 m or less when GPS is used, and at 50 m with nominal triangulation from cell towers. This level or granularity is sufficient to establish a reasonable probability of the device being present in a defined geographic area, such as a work location, or home. Cell tower density is effectively coupled to cell phone/smartphone density, and in many metropolitan settings, the cell tower-based geo-location is approaching satellite-based GPS performance.
However, there still exists a need for improved detection of inappropriate use or unauthorized access to a device. Sophisticated attackers can change data or files on a device and fool detection systems. The prior strategies have not been able to adequately capture inappropriate access or use. For example, a sophisticated attacker can alter internal files on a device, such as a computer, such that reliance on data from the device regarding its usage may not enable a detection system to detect the unauthorized use. What is needed is an improved ability to identify when a device has been inappropriately accessed or used.